What we’ve actually shipped — and how it’s defended.
One page for the buyer, the buyer's counsel, the buyer's CFO and the buyer's professional-indemnity (PI) carrier: measured outcomes from real engagements, the governance posture we ship by default, and the verbatim language regulators and carriers have already accepted.
The outcomes line, one tile per engagement
Each tile is drawn from real work. The two commercial-vertical entries are anonymised composites of our own client engagements; the five social-impact entries are publicly documented third-party programmes whose patterns we use as design references. Click into any tile for the full challenge / solution / outcomes write-up.
The five-pillar governance posture we ship by default
Not the upgrade path: the default. Every engagement we sign starts from this posture. Regulated verticals add layers on top; no engagement starts below it.
Tenant-only data path by default
Every deployment we ship keeps customer data inside the client's own Microsoft 365 / Azure tenant. No third-party AI tool processes client data outside the tenant boundary. Where the workload is regulated (legal privilege, healthcare PHI, financial customer data), this is the architectural default, not an upgrade path.
BAA + DPA boundary preserved
For healthcare engagements: Microsoft 365 Copilot, Azure OpenAI, AI Builder and Azure AI Document Intelligence are all in scope of the signed Microsoft HIPAA BAA. We do not deploy any tool outside the BAA boundary for PHI. For EU engagements: the Microsoft EU Data Boundary commitment applies only on the SKUs that carry it, so the SKU in use and the commitment it attracts are recorded in the deployment memo.
Purview labelling + per-matter / per-customer isolation
Sensitivity labels are applied at the source (the document, site or record), so Copilot and any grounded agent inherit the same permission and labelling model rather than being granted a separate one. For legal: per-matter labels prevent Matter A content surfacing in a Matter B search. For financial services: customer data is scoped at the label level. Purview audit logs are reviewable by the General Counsel.
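The isolation property described above, modelled as an added example (this is illustration code written for this page, not Microsoft Purview or Copilot code; `Document`, `grounded_search` and the sample corpus are constructed for the demonstration). The point it makes is that retrieval is trimmed on two independent axes before anything reaches the model: the caller's read permission on each item, and the per-matter label the item was given at the source. In the real deployment both axes come from SharePoint/OneDrive ACLs and Purview sensitivity labels that Copilot inherits; here they are plain fields so the behaviour can be checked offline.

```python
"""Model of permission-trimmed, label-scoped grounded retrieval.

Added illustration for this page; not Purview/Copilot code. Shows that a
query scoped to Matter B can never surface Matter A content, even for a
user who is cleared on both matters, and that the trimming is auditable.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Document:
    doc_id: str
    matter: str            # sensitivity label applied at the source, e.g. "Matter-A"
    readers: frozenset     # principals with read access (the item's ACL)
    text: str


@dataclass
class AuditLog:
    """Records, per query, what was returned and what was trimmed and why."""
    entries: list = field(default_factory=list)

    def record(self, user, matter, returned, trimmed):
        self.entries.append({"user": user, "matter": matter,
                             "returned": sorted(returned), "trimmed": sorted(trimmed)})


def grounded_search(corpus, user, matter, query, audit):
    """Return the documents that (a) the user can read, (b) carry the requested
    matter label and (c) match the query. Items failing (a) or (b) are dropped
    before ranking, so their text never enters the model context; matching
    items that were dropped are logged as trimmed for the GC's review."""
    q = query.lower()
    returned, trimmed = [], []
    for doc in corpus:
        matches = q in doc.text.lower()
        if user not in doc.readers or doc.matter != matter:
            if matches:
                trimmed.append(doc.doc_id)
            continue
        if matches:
            returned.append(doc)
    audit.record(user, matter, [d.doc_id for d in returned], trimmed)
    return returned


def returned_ids(corpus, user, matter, query, audit=None):
    """Convenience wrapper returning only the document ids of a search."""
    audit = audit if audit is not None else AuditLog()
    return [d.doc_id for d in grounded_search(corpus, user, matter, query, audit)]


# Constructed sample corpus (no real client data). alice is cleared on both
# matters, bob only on Matter-A, carol only on Matter-B.
CORPUS = [
    Document("A-001", "Matter-A", frozenset({"alice", "bob"}), "Settlement offer for the Acme dispute"),
    Document("A-002", "Matter-A", frozenset({"alice"}), "Acme privileged memo on settlement range"),
    Document("B-001", "Matter-B", frozenset({"alice", "carol"}), "Settlement terms draft for Beta Corp"),
]

if __name__ == "__main__":
    log = AuditLog()
    # alice searching Matter-B for "settlement" must not see either Acme document.
    print(returned_ids(CORPUS, "alice", "Matter-B", "settlement", log))   # ['B-001']
    # bob searching Matter-A sees only the item he is a reader on.
    print(returned_ids(CORPUS, "bob", "Matter-A", "settlement", log))     # ['A-001']
    print(log.entries)
```

The thing to take from the model is where the filter sits: before retrieval results are handed to the model, and keyed on attributes the item carried from the source, not on a second set of rules configured inside the AI tool. An oversharing assessment is essentially a check that the `readers` axis is right; the per-matter label is what stops a correctly-permissioned user from pulling Matter A context into Matter B work.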
Documentation a regulator can read
Every engagement ships with a deployment memo (purpose, data classes, retention, audit, controls), an AI use register, an Acceptable Use Policy and an oversharing assessment. The six-document SMB response pattern is published in the EU AI Act post and the governance pack post; we use it ourselves.
No clinical-decision-support, no autonomous customer action
We explicitly do not build clinical-decision-support that would attract FDA Software as a Medical Device (SaMD) scrutiny. We explicitly do not deploy agents that take consequential customer-facing action without a human in the loop. The clinician, the lawyer, the financial advisor and the construction PM remain the decision-maker on every chart, matter, recommendation and change order.
Verbatim language that’s already been accepted
These are the paragraphs that have actually passed in front of a PI carrier, a clinic compliance lead, an EU-exposed SMB's counsel and a board-level audit committee. Copy them, adapt them, and map each one to the control framework you report against.
“All AI processing is performed inside the firm’s Microsoft 365 tenant. Microsoft Purview sensitivity labels are applied per matter, preventing cross-matter retrieval. Audit logs are reviewable by the General Counsel. No client data is transmitted to any AI service outside the tenant boundary.”
“All AI tooling processing PHI is inside the signed Microsoft HIPAA BAA. AI Builder, Microsoft 365 Copilot and Azure AI Document Intelligence are in scope. No clinical-decision-support is deployed; the clinician is the decision-maker on every chart. AI activity is logged in Microsoft Purview audit.”
“The deployment is documented in an AI use register listing every model, data class, purpose and review date. Article 4 AI-literacy training is completed and recorded. The system is not classified as high-risk under Annex III; we have documented the classification rationale. Microsoft 365 Copilot operates under the EU data boundary on the SKU in use.”
“Copilot seat assignments are reviewed quarterly against the weekly-active-user dashboard. A seat with fewer than four meaningful interactions in the trailing 30 days is reclaimed after one Champion outreach attempt. Per-seat spend is reconciled against the measured task-level deltas published in the quarterly Copilot review.”
Want this posture inside your tenant?
Two ways in. The eight-minute readiness assessment scores your current footprint and recommends a calibrated next step. Or skip the assessment and start a conversation directly.